From helpnetsecurity.com
Cisco released security patches for high severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation attacks.
The IT giant fixed two flaws (CVE-2021-1574, CVE-2021-1576) in Business Process Automation (BPA), an authenticated attacker could remotely exploit them to elevate their privileges to Administrator. Both issues resides in the web-based management interface of Business Process Automation (BPA), they received a CVSS score of 8.8.